|Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 18.104.22.168,
SeaMonkey 1.1.5 and other versions before 1.1.10, Netscape 9.0, and
other Mozilla-based web browsers, when a user accepts an SSL server
certificate on the basis of the CN domain name in the DN field, regard
the certificate as also accepted for all domain names in
subjectAltName:dNSName fields, which makes it easier for remote
attackers to trick a user into accepting an invalid certificate for a
spoofed web site.